Overview

overview

7

Static

static

3

fc008e3aa4...18.exe

windows7-x64

7

fc008e3aa4...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

ReflexiveA...de.dll

windows7-x64

1

ReflexiveA...de.dll

windows10-2004-x64

1

SDL.dll

windows7-x64

1

SDL.dll

windows10-2004-x64

1

SDL_image.dll

windows7-x64

1

SDL_image.dll

windows10-2004-x64

1

SDL_mixer.dll

windows7-x64

1

SDL_mixer.dll

windows10-2004-x64

1

SDL_ttf.dll

windows7-x64

1

SDL_ttf.dll

windows10-2004-x64

1

bbb.exe

windows7-x64

7

bbb.exe

windows10-2004-x64

7

jpeg.dll

windows7-x64

3

jpeg.dll

windows10-2004-x64

3

libpng1.dll

windows7-x64

1

libpng1.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

zlib.dll

windows7-x64

3

zlib.dll

windows10-2004-x64

3

�...��.lnk

windows7-x64

3

�...��.lnk

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .lnk

  • Size

    344B

  • MD5

    4c2a7c403e0c28333f645a363f606da8

  • SHA1

    fe61f5e318e323fab9af329245e4bba6128aa5c6

  • SHA256

    c755fd0b870f2367e644f899afd720c4aee7b019b5584a14421c407e7910de14

  • SHA512

    8516481f41413d3ec958a07af39aad889840f964d7cb1f8027142f9c65abea9821e3bf2fcfdd9fb2b1c676031d3096d478bf06586deaaac05a7d451b0c2146e5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2660 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2548

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2578ba959289819946d018f598254843

    SHA1

    e7d0bcbbeedbf1c91f849aab9a31e9fc6455f6c2

    SHA256

    f20b9e200715df70baf0016c81ab5a856365f4d5edd5141e10d6b8105ccb80a3

    SHA512

    4c953a03b53efab7d902900f4dac294c3640d2af5018abca771a5ef22315ace4e8b32d01055295b78526c68c83fa453575cc313d7f2128ac956dd6f97825dc6d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52b33e871ae5520cb64ac64062d8b3f9

    SHA1

    dd1fa857b8d2d49eaa901b6b282a2ce009abc887

    SHA256

    ae21f2ff39b774f99e98b8cda6e0cabd340e6afdbcc27b75a823c1ebcb602774

    SHA512

    fcbc00212ca62c4f736776f22c81daae55b19ad13eba6c93a6868906b3cd4414059e820720f8e57785f2bdbb986902dba421f789fdbb3d11b9b1d71bab702ac1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    421108833162b91160d9e38a4d70e740

    SHA1

    3d7a15e27728d08b8b9b1ec8f4d362ea6e0071b8

    SHA256

    4302d207cb61e8c23eec7e40840226a64dd066c1ca927a1db39b4f562e532b44

    SHA512

    95dfeb92463ebe52378ee94a7dfd440e244566304be8c175d86bcb2337efda845083364fe8af19a7dac8c9c3f8dcbfb5d720047673b84ad71d650519c8077fc4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    157c6a66b1b00e0223c704984e220c23

    SHA1

    37e87c89d64ccdd77d6a2cff7c4e9bd3193b7fde

    SHA256

    7de77eab117aa894b5fae98217c27efed0e67b44f036fd494788dcf6e1157f59

    SHA512

    0cef98b1eb6d45b36a03ecd8c36f5801def5a7f62728096e8642af3f99198cb12b92c372abf5d81d3f778f345d74843d9331687d8ab5a75124c203256105569b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14c97ca87aad8645cec8ec8536885627

    SHA1

    3cd3c1be0839756adaa82f258a528f74e5b21c42

    SHA256

    5b4f0c9d11715ad200d96d13de23eb258f9db1e4aedbfe1784164d36b3833d93

    SHA512

    e86d8dd2a871f56b9e299d7afbd9f3cc0697cbcb3ad80261bd9ce535f5a69bc1736b4f00c02dd8258ba36da519b0a3d3d8dca7f87f6bc8aed2653f6ad9863c18

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    769df7b24ec108503505bd132db69575

    SHA1

    846c63395502a512b8bda5c707f03e4efa28b14c

    SHA256

    f6c15c2a2657de4e2a572016a906e097b4588d742440ebf17136fdc00dc6871a

    SHA512

    d8d0d304fbcbaf02c2d812c6700b0f6cb6bf68bf62917bef8e0b898d0904e09d03b8950e52e9d81a26921acadfdc91f13728eaf8c52a43744c51871e65bf33c6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6fa1c9a1f49200306d5502afda78b93e

    SHA1

    e6009173fa6d237cd5d93d426f0dc8951a7b01ec

    SHA256

    72fb9c16a04a91f8a607ce34cd20a059e37dc564b5de6104fc4d9b661b2a3deb

    SHA512

    cf62bce4dbe076579150e7e7b15e2e4130015cbfeb3918970e2c6809337a46ce607f727896e9280a1ea9b31159e4872781853213b541824e57bcf2e06d117bd1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42ddf3190a805e47e08e99494e9958a1

    SHA1

    f52813fe1982520347873734be525becfb6be199

    SHA256

    40931cec0aff39006d74d599314c16cad5247cc9418cd7f2b84bf42a7b6ca41c

    SHA512

    f86dca87f1f5a6c85d828c053fd098e07689fdd5a2cd6b857fd4bc81f5b2cde9333ac7b46c804c6fff445649075fc7832f5640c8e93cba8bbb9d045b407c349a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d9963f310a056e1a4da7e7747fc9458

    SHA1

    40fac582865faef0b0c5182ee3eb134148d0cf64

    SHA256

    1f5717a0ea56ca703262ca081b8ea8a19fedd7449125e2309489f9a89a3772ee

    SHA512

    59a9a08f81bb152e3f6ea3f75dfcfdec4eab72b049812aa74a6b4ec5b0d5fd5c1dc38f01fa9db7830c8cb21475d5d064fe93684173cd697681204efd2f74c608

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4636.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4757.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit